Skip to content

builtins: improve performance of has_table_privilege and has_column_privilege#65766

Merged
craig[bot] merged 5 commits intocockroachdb:masterfrom
otan-cockroach:has_table_privilege
Jun 7, 2021
Merged

builtins: improve performance of has_table_privilege and has_column_privilege#65766
craig[bot] merged 5 commits intocockroachdb:masterfrom
otan-cockroach:has_table_privilege

Conversation

@otan
Copy link
Copy Markdown
Contributor

@otan otan commented May 27, 2021

See individual commits for details

Resolves #65551

@otan otan requested review from a team, RichardJCai, dt and rafiss and removed request for a team May 27, 2021 04:57
@cockroach-teamcity
Copy link
Copy Markdown
Member

cockroach-teamcity commented May 27, 2021

This change is Reviewable

@otan otan force-pushed the has_table_privilege branch 2 times, most recently from d5beb86 to e24485f Compare May 27, 2021 06:29
otan added 2 commits May 27, 2021 22:00
@otan
builtins: improve performance of has_table_privilege
f489f09 
* Eliminate the OID lookup internal query by realising that OID maps to
  descpb.ID directly.
* Eliminate the information_schema.table_privileges internal lookup query
  by consulting the table descriptor directly.

Release note (performance improvement): Improve the performance of
has_table_privilege by using an internal cache for performing privilege
lookups.
@otan
builtins: improve has_any_column_privilege performance
ff36a80 
Release note (performance improvement): Improved the performance of
has_any_column_privilege by removing some internal queries.
@otan otan force-pushed the has_table_privilege branch from e24485f to 6f217f8 Compare May 27, 2021 12:01
RichardJCai
RichardJCai approved these changes Jun 1, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@RichardJCai RichardJCai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM mod nits

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @otan, and @rafiss)

pkg/sql/resolver.go, line 336 at r2 (raw file):

	hasPrivilege := func(priv privilege.Kind) bool {
		for _, role := range allRoles {
			for _, pu := range privilegeDesc.Users {

I think we can call privilegeDesc.CheckPrivilege here

pkg/sql/sem/builtins/pg_builtins.go, line 1333 at r4 (raw file):

				return nil, err
			}
			colArg := tree.UnwrapDatum(ctx, args[1])

Can we leave a similar comment to before stating that the column arg is only checked to see if the column exists in the table?
Makes it more clear that we're still only checking the table for privileges.

@otan
builtins: improve performance of has_column_privilege
8cf6e13 
Use the same tricks as has_table_privilege, but insert specifiers in
HasPrivilegeSpecifier to also check the column's existence.

Release note (performance improvement): Improve the performance of
has_column_privilege by removing excessive queries.
@otan otan force-pushed the has_table_privilege branch from 6f217f8 to 793a8ca Compare June 1, 2021 21:25
otan
otan commented Jun 1, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@otan otan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @otan, @rafiss, and @RichardJCai)

pkg/sql/resolver.go, line 336 at r2 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

I think we can call privilegeDesc.CheckPrivilege here

i changed it, but it revealed (what i think is a) bug. can you re-check the last commit?

otan
otan commented Jun 1, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@otan otan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @dt, @rafiss, and @RichardJCai)

pkg/sql/sem/builtins/pg_builtins.go, line 1333 at r4 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

Can we leave a similar comment to before stating that the column arg is only checked to see if the column exists in the table?
Makes it more clear that we're still only checking the table for privileges.

Done.

otan added 2 commits June 2, 2021 09:39
@otan
sql: use CheckPrivileges for HasPrivilegeCheck instead
a4c4206 
Release note (bug fix): Fixed a bug where owners of a table has
privileges to SELECT from it, but would return false on has_*_privilege
related functions.
@otan
ddl_analysis: add benchmarks for has_table_privilege/has_column_privi…
2025fdb 
…lege

Release note: None
@otan otan force-pushed the has_table_privilege branch from 6bd2ee0 to 2025fdb Compare June 1, 2021 23:39
@otan
Copy link
Copy Markdown
Contributor Author

otan commented Jun 7, 2021

bors r=richardjcai

@craig
Copy link
Copy Markdown
Contributor

craig bot commented Jun 7, 2021

Build succeeded:

@craig craig bot merged commit d775083 into cockroachdb:master Jun 7, 2021
@otan otan mentioned this pull request Jun 8, 2021
Closed
This was referenced Sep 8, 2021
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rafiss rafiss Awaiting requested review from rafiss

@dt dt Awaiting requested review from dt

1 more reviewer

@RichardJCai RichardJCai RichardJCai approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sql: has_column_privilege makes graphile introspection query slow

3 participants

@otan @cockroach-teamcity @RichardJCai